The short version
Your letters are between the two of you. Doveborn stores them so we can show them back. We don't sell anything to anyone. We don't read them. We use as little data about you as we can get away with, and we delete what we no longer need.
Who runs Doveborn
Doveborn is run as a registered sole trader (a Finnish toiminimi) based in Finland. For anything about your data — questions, requests, or complaints — write to privacy@doveborn.com. We are the data controller for the information described here.
What we store
- Your name, email, and timezone, to identify you and time deliveries.
- Your couple link, to know whose letter belongs with yours.
- When you invite a partner, the invite code and, if you enter it, the email address you send the invitation to.
- Each weekly question, your sealed answer, and your partner's sealed answer.
- Notification preferences and (if you give them) push tokens, phone number for SMS.
- Subscription state, if you become a Par Avion subscriber.
Who we share it with
We use third-party services (subprocessors) to make Doveborn run. Each one only sees the slice it needs:
- Clerk: sign-in.
- Convex: database and realtime sync.
- Polar: billing — our merchant (seller) of record for subscriptions.
- Anthropic: AI question generation (paid plan). Only the tags of past topics are sent. Your answers never leave Doveborn.
- Resend: transactional email.
- Twilio: SMS (paid plan).
- Firebase Cloud Messaging: push notifications.
- PostHog: anonymous product analytics, cookieless by default.
- Sentry: crash and error reporting.
- Cloudflare: app hosting and content delivery.
Where your data goes
Some of these providers process data outside the EEA, mainly in the United States (for example Anthropic, Clerk, Twilio, Resend, PostHog, Sentry, and Firebase). Where that happens, the transfer relies on safeguards recognised under EU law — Standard Contractual Clauses, or the EU–US Data Privacy Framework where the provider is certified.
Why we're allowed to keep it
Our legal bases under GDPR are straightforward:
- Performing our contract with you — running your account, delivering questions, storing and revealing letters, and handling your subscription.
- Your consent — optional analytics cookies, and SMS notifications if you turn them on. You can withdraw it anytime.
- Our legitimate interests — keeping Doveborn secure, preventing abuse, and fixing crashes.
- Legal obligations — where the law requires us to keep certain records.
How long we keep it
We keep your data while your account is active. When you delete your account, your profile is scrubbed and your letters are tombstoned straight away; backups age out within 30 days. Billing records may be retained longer where bookkeeping law requires it. Analytics and crash data follow each provider's own retention windows.
Your rights
You can download every letter you have written from your Account page. You can delete your account from the same page. Your letters are tombstoned and your partner can continue with theirs intact.
If you are in the EU or UK, you have additional rights under GDPR / UK GDPR (access, correction, deletion, portability, restriction, objection). To exercise any of these, email privacy@doveborn.com.
If you think we've handled your data badly, you can complain to a data protection authority. Ours is the Finnish Office of the Data Protection Ombudsman (tietosuoja.fi); you may also contact the authority where you live.
Children
Doveborn is for adults. We don't knowingly collect data about anyone under 18.
Changes
When we change this policy in a material way we will email both partners and surface a note in the app.